A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to gain sensitive information about the server configuration and environment.
According to the ProCheckUp report, MailPost contains a vulnerability that may permit a remote attacker to gain sensitive information about the server configuration and environment. When the application is in debug mode, an attacker can retrieve sensitive configuration and environment information about the target machine by sending a *debug* query string to the script. Note that debug mode is enabled in the default configuration.
A remote attacker could use this vulnerability to obtain sensitive information about the server's configuration and environment.
The CERT/CC is currently unaware of a practical solution to this problem.
This vulnerability may be mitigated by disabling the debug mode.
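To check whether the *debug* query string has already been requested against a server, the web access log can be searched for it. The following is an added example, not part of the original note or of MailPost: it assumes Common Log Format, a placeholder script path (`SCRIPT_PATH`) that must be set to wherever MailPost is published, and that the query string carries a key named `debug`; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: placeholder path, not taken from the advisory. Set to the real script URL.
SCRIPT_PATH = "/scripts/mailpost-placeholder"

# Common Log Format: client ... "METHOD target PROTOCOL" status size
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def has_debug_key(query):
    """True if any query-string key decodes to 'debug', bare or with a value."""
    # keep_blank_values keeps a bare '?debug'; parse_qsl also percent-decodes keys,
    # so '%44ebug=1' is caught while 'nodebug=1' is not.
    pairs = parse_qsl(query, keep_blank_values=True)
    return any(key.strip().lower() == "debug" for key, _ in pairs)

def find_debug_requests(lines, script_path=SCRIPT_PATH):
    """Return (line_number, client, status) for debug requests to the script."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group("target"))
        # Case-insensitive prefix match also covers extra path info after the script.
        if not unquote(url.path).lower().startswith(script_path.lower()):
            continue
        if has_debug_key(url.query):
            hits.append((number, line.split()[0], int(match.group("status"))))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Nov/2004:10:00:01 +0000] "GET /scripts/mailpost-placeholder?debug HTTP/1.0" 200 5120',
    '192.0.2.11 - - [03/Nov/2004:10:00:05 +0000] "GET /scripts/mailpost-placeholder?to=a&%44ebug=1 HTTP/1.0" 200 4980',
    '192.0.2.12 - - [03/Nov/2004:10:00:09 +0000] "POST /scripts/mailpost-placeholder?nodebug=1 HTTP/1.0" 200 310',
    '192.0.2.13 - - [03/Nov/2004:10:00:12 +0000] "GET /index.html?debug HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for number, client, status in find_debug_requests(SAMPLE_LOG):
        print(f"line {number}: {client} requested debug output (HTTP {status})")
```

A hit with a 200 status while debug mode was enabled means the configuration details should be treated as disclosed to that client.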
Thanks to ProCheckUp for reporting this vulnerability.
This document was written by Jason A Rafail and is based on information provided by ProCheckUp.
|Date First Published:|2004-11-03|
|Date Last Updated:|2004-11-03 15:57 UTC|